Central Wifimanager@1.03 Security Vulnerabilities and Issues — Central Wifimanager@1.03 CVE List

Lucene search

DlinkCentral Wifimanager1.03

5 matches found

CVE•added 2019/07/06 11:15 p.m.•303 views

CVE-2019-13374

A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.

6.1CVSS5.9AI score0.00197EPSS

CVE•added 2019/07/06 11:15 p.m.•275 views

CVE-2019-13373

An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.

9.8CVSS9.6AI score0.90075EPSS

CVE•added 2019/07/06 11:15 p.m.•270 views

CVE-2019-13375

A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.

9.8CVSS9.8AI score0.18001EPSS

CVE•added 2019/01/31 7:29 p.m.•67 views

CVE-2018-15516

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

5.8CVSS5.8AI score0.02286EPSS

CVE•added 2019/01/31 7:29 p.m.•66 views

CVE-2018-15517

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI...

8.6CVSS8.5AI score0.7459EPSS